Weekly Threat Report 29th June 2018

Created:  29 Jun 2018
Updated:  29 Jun 2018
NCSC Threat Report
This report is drawn from recent open source reporting.

Fake Fortnite – don’t click the link 

Malware developers are exploiting the popularity of the video game Fortnite, with fake Android versions of the game advertised in third party stores and on compromised links in YouTube game installation videos.  

Whilst initially appearing to be genuine, using real images from Fortnite to mimic an installation, the game never actually installs, and the device is compromised by a variety of different malware.  

Researchers have observed the malware performing actions such as credential harvesting, data deletion and permitting access to mobile device cameras and audio.  

Fortnite has approximately 45 million players and users are keen to play the game on Android. It is this desire and eagerness to play which can cloud the judgement of those presented with these links. 

The developers have not yet released an Android version, so any version currently being advertised is fake. Until the game developers announce the release and it is launched in official stores, do not believe the claims or follow third party links. If the offer looks too good to be true, it probably is.  

Only installing apps from official stores and scrutinising links before clicking should protect you from most malicious apps. We advise not switching on the option that allows you to install apps from unknown sources if you don’t need to.  For further guidance, follow the NCSC’s 10 Steps to Cyber Security.  

Scam WannaCry emails 

Action Fraud, the UK’s national fraud and cyber crime reporting centre, has highlighted a sharp increase in reports of scam WannaCry emails. 

Users are told that their devices are infected with WannaCry ransomware and that all files will be deleted if they do not pay a fine in Bitcoin.  

In doing so, the cyber criminals behind the scam are exploiting the chaos and destruction of the WannaCry attack to trick users into paying.  

It is highly unlikely that any such threat exists - these are simply attempts to extort money from alarmed individuals.  

Action Fraud received 300 reports of this activity in just two days. They advise deleting the email,  reporting the attempt to them and not making any payment in Bitcoin.  Antivirus software and operating systems should also be regularly updated. The NCSC has issued guidance on phishing.


New ‘Mylobot’ malware observed in the wild 

Earlier this month, the information security company Deep Instinct reported on ‘Mylobot’, a new piece of malware that has been observed infecting an unnamed telecommunications company.  

Mylobot reportedly enables attackers to gain full control of infected machines, enabling them to add payloads for other purposes such as banking Trojans, keyloggers, and Distributed Denial of Service (DDoS) use. 

Mylobot is sophisticated for a piece of criminal malware, incorporating advanced evasion, infection and propagation techniques. Other types of criminal malware have used some of these techniques but this is the first time we have seen them all used together. 

According to TrendMicro, antivirus software is able to signature at least some versions of Mylobot. Standard network defences and good cyber hygiene should make it more difficult for Mylobot to infect a system, and for an infection to be detected if it does get in. 

By incorporating a wide range of functionality into a single tool, Mylobot represents a continuing drive by cyber criminals to evade detection and generate money in an increasingly competitive space. 

For more information on how to protect yourself or your business from this type of threat, please refer to the NCSC’s malware protection guidance.

The ECSEPA Cybersecurity Evidence Study

The Evaluating Cyber Security Evidence for Policy Advice (ECSEPA) project survey is intended to learn more about how the UK Government policy advisory and policymaking community evaluate evidence in their roles.

The objective of the study is to understand how people in your roles can be better supported. To learn more about the project, head to

All information collected in this study will remain strictly confidential and anonymous. All information will be deleted by 31st May 2019. The results of this study would be reported in a manner that no individual or organisation will be identifiable.

Take the survey

Was this report helpful?

We need your feedback to improve this content.

Yes No